smtpIptablesBlocker

This script is the result of my search for a way to make my mail server more resilient against spam waves. Take a look at the following links (1, 2, 3) if you want to know more about the history of, and the process that led to, this solution. I use Courier as the MTA and as the IMAP backend behind it.

Introduction

To fight spam I use a DNS RBL as the first line of defense, followed by greylisting, SpamAssassin and a few other measures. The ratio of spam that gets through is quite low, but that is not the problem here. The problem is the spam waves that hit the server several times a day. Normally the system has fewer than 30 open SMTP connections to/from other servers, but within minutes that number rises drastically (and Courier creates a process for each connection). For example, look at the values that show the number of open SMTP connections at the given moment.

This script solves that problem. It scans the maillog and adds every DNS RBL-listed IP to the firewall for 10 minutes, then terminates the Courier process that is handling that connection. This immediately reduces the number of running processes and makes room for new connections. A clean solution would implement the whole thing inside the MTA itself, basically adding the IP to the firewall and terminating the SMTP handling process from there, but this approach has also been stable so far, until something like it is added to Courier (if it ever is).

Install – Iptables stuff

First, load the iptables module somewhere at boot time with an option that allows more IP addresses to be stored in its list (the default is 100):

modprobe ipt_recent ip_list_tot=1000

I think 1000 is still on the low end, since a spam wave easily reaches that many addresses. Then add the following iptables commands to your firewall script.
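To make the mechanism described above concrete before the author's own firewall rules, here is an added example (not the smtpIptablesBlocker script, and not Courier's code) that carries the whole scheme through in Python: parse maillog lines for DNS RBL rejections, add each listed address to an ipt_recent list via its /proc interface so the `-m recent --rcheck --seconds 600` rule drops it for 10 minutes, and find the courieresmtpd processes still talking to that peer so they can be terminated. The log lines, the `ss -tnp` output, the list name `smtpblock`, the RBL marker strings and the /proc path are all constructed assumptions for illustration; adjust the regexes and markers to the real log format.

```python
import os
import re
import signal
import subprocess
from typing import Callable, Dict, Iterable, List

LIST_NAME = "smtpblock"                      # assumed ipt_recent list name
BLOCK_SECONDS = 600                          # 10 minutes, as in the post
PROC_LIST = f"/proc/net/ipt_recent/{LIST_NAME}"   # ipt_recent path; xt_recent uses /proc/net/xt_recent/

# Substrings that mark a DNS RBL rejection. Assumed; they match the constructed
# sample lines below, not necessarily a real Courier configuration.
RBL_MARKERS = ("is listed in", "blocked by", "dnsbl")

IPV4 = r"(?P<ip>(?:\d{1,3}\.){3}\d{1,3})"
RELAY_RE = re.compile(r"relay=(?:::ffff:)?" + IPV4)
# peer column of one "ss -tnp" line followed by the owning courieresmtpd pid
SS_RE = re.compile(r"\[?(?:::ffff:)?" + IPV4 + r"\]?:\d+\s+users:\(\(\"courieresmtpd\",pid=(?P<pid>\d+),")

# Constructed sample maillog (assumed courieresmtpd format, RFC 5737 addresses).
SAMPLE_MAILLOG = """\
Jan  5 10:12:01 mx courieresmtpd: error,relay=::ffff:192.0.2.44,from=<a@example.net>,to=<b@example.org>: 517 Access denied - 192.0.2.44 is listed in zen.spamhaus.org
Jan  5 10:12:02 mx courieresmtpd: started,ip=[::ffff:198.51.100.7]
Jan  5 10:12:03 mx courieresmtpd: error,relay=::ffff:192.0.2.44,from=<c@example.net>,to=<b@example.org>: 517 Access denied - 192.0.2.44 is listed in zen.spamhaus.org
Jan  5 10:12:04 mx courieresmtpd: error,relay=::ffff:203.0.113.9,from=<d@example.net>,to=<b@example.org>: 517 Access denied - blocked by dnsbl
Jan  5 10:12:05 mx courieresmtpd: error,relay=::ffff:203.0.113.999,from=<e@example.net>,to=<b@example.org>: 517 Access denied - blocked by dnsbl
Jan  5 10:12:06 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<f@example.net>,to=<b@example.org>: 550 User unknown
"""

# Constructed "ss -tnp" output (assumed column layout).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port          Process
ESTAB  0      0      [::ffff:10.0.0.2]:25 [::ffff:192.0.2.44]:51042  users:(("courieresmtpd",pid=4711,fd=0),("courieresmtpd",pid=4711,fd=1))
ESTAB  0      0      [::ffff:10.0.0.2]:25 [::ffff:192.0.2.44]:51043  users:(("courieresmtpd",pid=4712,fd=0))
ESTAB  0      0      [::ffff:10.0.0.2]:25 [::ffff:198.51.100.7]:40001 users:(("courieresmtpd",pid=4713,fd=0))
"""


def valid_ipv4(ip: str) -> bool:
    """Reject garbage like 203.0.113.999 that the loose regex lets through."""
    return all(0 <= int(o) <= 255 for o in ip.split("."))


def firewall_rules(list_name: str = LIST_NAME, seconds: int = BLOCK_SECONDS) -> List[str]:
    """Rules for the firewall script: drop SMTP from any address added to the
    list within the last `seconds`. --rcheck only tests membership; the script
    adds entries through /proc, so the 10 minutes count from that moment."""
    return [
        "modprobe ipt_recent ip_list_tot=1000",
        "iptables -N SMTPBLOCK",
        "iptables -A INPUT -p tcp --dport 25 -j SMTPBLOCK",
        f"iptables -A SMTPBLOCK -m recent --name {list_name} --rcheck --seconds {seconds} -j DROP",
        "iptables -A SMTPBLOCK -j RETURN",
    ]


def proc_add_command(ip: str, proc_list: str = PROC_LIST) -> str:
    """Shell equivalent of what Blocker.block() writes in live mode."""
    return f"echo +{ip} > {proc_list}"


def pids_for_peer(ss_output: str, ip: str) -> List[int]:
    """PIDs of courieresmtpd processes whose peer address is `ip`."""
    pids = set()
    for line in ss_output.splitlines():
        m = SS_RE.search(line)
        if m and m.group("ip") == ip:
            pids.add(int(m.group("pid")))
    return sorted(pids)


def current_ss() -> str:
    return subprocess.check_output(["ss", "-tnp"], text=True)


class Blocker:
    def __init__(self, dry_run: bool = True, now: Callable[[], float] = None):
        import time
        self.dry_run = dry_run
        self.now = now or time.time
        self.blocked: Dict[str, float] = {}      # ip -> time it was last added

    def listed_ips(self, lines: Iterable[str]) -> List[str]:
        """Unique RBL-listed relay addresses, in first-seen order."""
        out: List[str] = []
        for line in lines:
            if not any(mark in line.lower() for mark in RBL_MARKERS):
                continue
            m = RELAY_RE.search(line)
            if m and valid_ipv4(m.group("ip")) and m.group("ip") not in out:
                out.append(m.group("ip"))
        return out

    def block(self, lines: Iterable[str], ss_output: str = "") -> List[str]:
        """Add every newly listed IP to the list and kill its handlers.
        Returns the IPs acted on; an IP added < BLOCK_SECONDS ago is skipped."""
        t = self.now()
        acted: List[str] = []
        for ip in self.listed_ips(lines):
            if t - self.blocked.get(ip, float("-inf")) < BLOCK_SECONDS:
                continue
            self.blocked[ip] = t
            acted.append(ip)
            if not self.dry_run:
                with open(PROC_LIST, "w") as f:        # needs root
                    f.write(f"+{ip}\n")
                for pid in pids_for_peer(ss_output or current_ss(), ip):
                    os.kill(pid, signal.SIGTERM)
        # keep the bookkeeping dict bounded during a long wave
        self.blocked = {k: v for k, v in self.blocked.items() if t - v < BLOCK_SECONDS}
        return acted


if __name__ == "__main__":
    b = Blocker(dry_run=True)
    for ip in b.block(SAMPLE_MAILLOG.splitlines(), SAMPLE_SS):
        print(proc_add_command(ip), "# kill pids", pids_for_peer(SAMPLE_SS, ip))
```

Two caveats worth keeping in mind: with `--rcheck` (rather than `--update`) the dropped packets do not refresh the entry's timestamp, so the block really expires 10 minutes after the script added the address; and since the list only evicts the oldest entry once `ip_list_tot` is reached, the module parameter has to be large enough to hold every address a wave produces within that window.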